package org.xm.sk.config;

import java.io.Serializable;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.xm.sk.service.data.BaseService;
import org.xm.sk.service.security.XmUser;
import org.xm.sk.vo.e.BoderStatus;
import org.xm.sk.vo.tb.Boder;
import org.xm.sk.vo.tb.Works;

@Configuration
public class CustomPermissionEvaluator implements PermissionEvaluator {
    
    @Autowired
    private BaseService<Boder> boderService;
    @Autowired
    private BaseService<Works> worksService;

    //普通的targetDomainObject判断
    @Override
    public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
        if (permission instanceof String) {
            if ("selfOrderById".equals(permission.toString())) {
                Integer id = (Integer) targetDomainObject;
                Boder u = (Boder) boderService.findById(id);
                if (null == u) {
                    return false;
                }
                XmUser xmUser = (XmUser) authentication.getPrincipal();
                if (null != u.getUser() && xmUser.getUserid() != u.getUser().getId().intValue()) {
                    return false;
                }
            } else if (permission.toString().contains("selfOrderById4Hairdresser")) {
                Integer id = (Integer) targetDomainObject;
                Boder u = (Boder) boderService.findById(id);
                if (null == u) {
                    return false;
                }
                XmUser xmUser = (XmUser) authentication.getPrincipal();
                if (null != u.getHairdresser() && xmUser.getHairdresserid() != u.getHairdresser().getId().intValue()) {
                    return false;
                }
                if (permission.toString().endsWith("accept")) {
                    if (u.getStatus() != BoderStatus.SERVERING) {
                        return false;
                    }
                } else if (permission.toString().endsWith("server")) {
                    if (u.getStatus() != BoderStatus.SERVERING) {
                        return false;
                    }
                }
            } else if ("selfWorksById".equals(permission.toString())) {
                Integer id = (Integer) targetDomainObject;
                Works u = (Works) worksService.findById(id);
                if (null == u) {
                    return false;
                }
                XmUser xmUser = (XmUser) authentication.getPrincipal();
                if (null != u.getCreator() && xmUser.getUserid() != u.getCreator().intValue()) {
                    return false;
                }
            }
        }
        return true;
    }
    
    //用于ACL的访问控制
    @Override
    public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
        return false;
    }
}